Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 2.6
CVE Id CVE-2009-3300
Last Modified 19 Dec 2009 01:58:06
Published 06 Nov 2009 10:30:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2009-3300

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via URLs that are encountered in redirections, and appear in automatically generated forms.

Vulnerable Systems

Application

  • Internet2 Identity Provider 1.3

  • Internet2 Identity Provider 1.3.1

  • Internet2 Identity Provider 1.3.2

  • Internet2 Identity Provider 1.3.3

  • Internet2 Identity Provider 2.1.0

  • Internet2 Identity Provider 2.1.1

  • Internet2 Identity Provider 2.1.2

  • Internet2 Identity Provider 2.1.3

  • Internet2 Identity Provider 2.1.4

  • Internet2 Service Provider 1.3

  • Internet2 Service Provider 1.3.1

  • Internet2 Service Provider 1.3.2

  • Internet2 Service Provider 1.3.3

  • Internet2 Service Provider 2.0

  • Internet2 Service Provider 2.1

  • Internet2 Service Provider 2.2


References

XF - identity-url-xss(54140)

VUPEN - ADV-2009-3150

DEBIAN - DSA-1947

CONFIRM - http://shibboleth.internet2.edu/secadv/secadv_20091104.txt

SECUNIA - 37237


Last Updated: 27 May 2016 10:51:12